- Determine how to configure security inbound and outbound at each point in your infrastructure. For example, you might have a Java client communicating with an Enterprise JavaBeans (EJB) application server, which in turn communicates with a downstream EJB application server. Pure clients must configure outbound security only: a Java client uses the sas.client.props file, and a CSIv2 Java client uses the configuration file that is specified by the com.ibm.CORBA.ConfigURL Java property. The upstream EJB application server configures inbound security to handle the correct type of authentication from the Java client, and uses its outbound security configuration when it calls the downstream EJB application server. The type of authentication between the two servers might differ from the type used between the Java client and the upstream EJB application server; depending on your infrastructure, security might be tighter between the pure client and the first EJB server. The downstream EJB server uses its inbound security configuration to accept requests from the upstream EJB server, so these two servers require similar configuration options. If the downstream EJB application server communicates with further downstream servers, its outbound security might require a special configuration.
- Specify the type of authentication. By default, the server supports authentication with a user ID and password; both Java client certificate authentication and identity assertion are disabled by default. If you want this type of authentication performed at every tier, use the CSIv2 authentication protocol configuration as is. However, if you have special requirements where some servers authenticate differently from other servers, consider how to configure CSIv2 to its best advantage.
- Configure clients and servers. A pure Java client is configured by modifying properties in the sas.client.props file, or in the properties file that is specified by the com.ibm.CORBA.ConfigURL Java property. Servers are always configured from the administrative console or by scripting, either from the security navigation for cell-level configurations or from the server security settings of the application server for server-level configurations. If you want some servers to authenticate differently from others, modify some of the server-level configurations; a server-level configuration overrides the cell-level configuration.
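As an added illustration, not part of the original topic, the following sas.client.props shows one way a pure Java client could configure the outbound hop to the upstream EJB server described above: user ID and password authentication (the default) with SSL/TLS required on the transport so the credentials are protected in transit. The property names are those found in the sas.client.props shipped with WebSphere Application Server; the user ID, password and file path are placeholders chosen for this example.

```properties
# Example sas.client.props for a pure Java client (outbound security only).
# Point the client JVM at this file with the Java property named in the topic,
# for example (path is assumed):
#   -Dcom.ibm.CORBA.ConfigURL=file:/opt/app/etc/sas.client.props

# Turn on security for the client ORB.
com.ibm.CORBA.securityEnabled=true

# Authentication type: user ID and password (the default), read from the
# properties below instead of an interactive prompt. Values are placeholders;
# restrict read access to this file to the account that runs the client.
com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.loginSource=properties
com.ibm.CORBA.loginUserid=appclient
com.ibm.CORBA.loginPassword=CHANGE_ME

# Transport layer: require SSL/TLS so the BasicAuth credentials never cross
# the network in the clear. Setting only Supported=true would let the client
# fall back to a plain TCP connection if the server did not offer SSL/TLS.
com.ibm.CSI.performTransportAssocSSLTLSRequired=true
com.ibm.CSI.performTransportAssocSSLTLSSupported=true
com.ibm.ssl.alias=DefaultSSLSettings

# Client certificate authentication at the transport layer stays off, matching
# the default described in the topic. Set Required=true only when the upstream
# server's inbound settings are configured to accept client certificates.
com.ibm.CSI.performTLClientAuthenticationRequired=false
com.ibm.CSI.performTLClientAuthenticationSupported=false

# Message layer: the client sends its user ID and password in the CSIv2 message
# and refuses to proceed if the server will not authenticate it.
com.ibm.CSI.performClientAuthenticationRequired=true
com.ibm.CSI.performClientAuthenticationSupported=true

# Stateful sessions avoid re-sending credentials on every request.
com.ibm.CSI.performStateful=true
```

The upstream server's CSIv2 inbound settings must accept the same combination (BasicAuth over SSL/TLS, no client certificate required), otherwise the client's Required settings cause the connection to be rejected rather than silently downgraded.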
What to do next
Use CSIV2 inbound communications settings to configure the type of authentication information that is contained in an incoming request or transport.
Use CSIV2 outbound communications settings to specify the features that a server supports when acting as a client to another downstream server.